Bad Rabbit – Ransomware

A new ransomware campaign has affected at least 3 Russian media companies; Fontanka and Interfax are among the affected companies. The ransomware is named Bad Rabbit. The malware is delivered as a fake Flash installer, and it uses the SMB protocol to check hardcoded credentials. Bad Rabbit does not employ any exploits to gain execution or elevation of privilege. …

Cryptocurrency Mining JavaScript Libraries

Introduction: Cryptocurrency is a digital asset designed to work as a medium of exchange, using cryptography to secure transactions and to control the creation of additional units of the currency. One of the most popular cryptocurrencies today is Bitcoin. New units of cryptocurrency are generated by “mining” for them using miners. Users can …

ROCA: Vulnerable RSA Key Generation [CVE-2017-15361]

RSA keys generated using libraries from Infineon Technologies are vulnerable to practical factorization. An attacker can calculate the private key based on the structure of the generated primes. The issue affects key sizes of 1024 bits and 2048 bits. The attack has been named ROCA: “Return Of Coppersmith’s Attack” and is assigned CVE-2017-15361. Coppersmith’s attacks are …

KRACK: WPA2 Key Reinstallation Attack

Introduction Multiple key reuse vulnerabilities were discovered in the WPA2 protocol. This is a novel attack technique that has been named KRACK – Key Reinstallation Attacks. The attack exploits a weakness in the WPA2 4-way handshake that allows key reuse attacks against the client. This can cause the underlying encryption protocol to use known/used …

Apache Solr Remote Execution Zero-Day Vulnerability : CVE-2017-12629

Introduction Two critical vulnerabilities have been reported in the Apache Solr distributions. These vulnerabilities were found in the latest distribution of Apache Solr. One is an XML External Entity (XXE) processing vulnerability and the other allows remote code execution using one of the publicly exposed APIs. It has been assigned CVE-2017-12629. The two vulnerabilities could …

Execution of Untrusted Microsoft Office Macros Permitted

Microsoft Office is an office suite of applications, servers, and services developed by Microsoft for the Windows and Mac OS platforms. The suite most notably consists of applications such as Microsoft Word, Microsoft Excel, Microsoft PowerPoint, Microsoft Access, Microsoft Publisher, Microsoft Project, Microsoft Visio, and Microsoft Outlook, among others. In addition to features such as word processing, …

Critical Vulnerabilities Discovered in dnsmasq

Various vulnerabilities have been discovered in dnsmasq, an open source framework for managing DNS, DHCP, Router Advertisement, network boot, etc. These issues were discovered in versions prior to 2.78. The vulnerabilities were disclosed to CERT/CC by the Google Security Team. These vulnerabilities can be exploited remotely via the DNS and DHCP protocols. CVE Protocol Description CVE-2017-14491 DNS 2 byte …

Linux PIE/Stack Corruption: CVE-2017-1000253

Qualys Vulnerability and Malware Research Labs (VMRL) has found a Local Privilege Escalation vulnerability in the Linux operating system. The vulnerability is named “Linux PIE/stack corruption” and assigned CVE-2017-1000253. Exploiting this vulnerability results in stack corruption, as the stack is overwritten by data segments of a PIE binary; an unprivileged local user with access to a SUID PIE …

Optionsbleed: Use-After-Free Leading to Memory Leak in Apache HTTP

Introduction: A use-after-free (UAF) vulnerability in Apache HTTP causes the server to respond with a corrupted ALLOW header while replying to an HTTP OPTIONS request. Apache httpd enables attackers to read data from process memory if the Limit directive is set for a user in an .htaccess file or if the file contains misconfigurations. This …

Piriform Supply Chain Compromise

Incident: The download servers used to distribute CCleaner (32-bit) were compromised by attackers. CCleaner version 5.33 was bundled with malware and was being distributed through the Piriform hosting platform. This version was hosted directly on CCleaner’s download servers from September 11, 2017. The incident was disclosed by the Cisco Talos team on September 13, 2017. Piriform is the …